EMV: ARE YOU IN THE GAME?

Are you up-to-date on current issues affecting the implementation of EMV technology used in accepting card payments? Are you aware, for example, that liability for fraudulent face-to-face retail card payment transactions has shifted to merchants as of October 1, 2015,1 unless equipment has been upgraded to process EMV transactions?

As of May, 2015, three out of four consumers had expected to use their EMV cards where they shopped and 68% of consumers had an interest in EMV for their personal protection and security.2 By the end of 2015, 60% of issued U.S. credit cards and 25% of U.S. debit cards are expected to be EMV cards.3 Magnetic strips will continue to appear on EMV cards in the near term for use with antiquated terminals, and EMV terminals will automatically require insertion of EMV cards into an EMV reader slot. More than one billion EMV cards are expected to be in the hands of U.S. consumers by the end of 2016.4

IS EMV CHIP & PIN STILL A RELEVANT FACTOR?

EMV ‘Chip & PIN’ technology, used in Europe and elsewhere for more than 20 years, requires entry of a cardholder’s personal identification number (PIN) to authenticate a retail payment transaction; which provides more security of sensitive cardholder data than simply requiring a cardholder’s signature.5 Our federal government now requires EMV Chip & PIN for all its card payment transactions,6 and some major retailers argue for its use today within all retail stores. PIN entry, however, isn’t considered to be as relevant a fraud prevention tool as it was when first introduced in Europe, and as EMV is being implemented throughout the U.S., it appears that most EMV consumer transactions will only require the cardholder’s signature.

MODERN APPROACHES TO PAYMENT FRAUD PREVENTION

According to Stephanie Ericksen, Vice-president of Risk Products at Visa, the U.S. is adopting an approach currently taken by both Europe and Canada, which is to move away from PINs in favor of newer technologies. Tokenization, for instance, substitutes tokens for sensitive cardholder data which up to now has typically been stored within independent merchant databases; and end-to-end encryption makes such data indecipherable to hackers from the point where data is first entered into a device until it is deciphered by an intended recipient. These and other technologies, such as biometrics and multi-factor authentication, address the ever-changing direction of fraudulent activity in relation to consumer and business payments. For example, reduction in fraud within retail stores has resulted in increased on-line fraud, including eCommerce, and the newer technologies can more broadly address fraud prevention for both. Doug Johnson, Senior Vice-president of Payments and Cyber-security Policy at the American Bankers Association, adds that only about 5% of card fraud comes from stolen or lost cards, the kinds of transactions a PIN defends against; implying that it is best to invest in newer innovations than to expend effort on implementation of less effective PIN technology.7

CAN YOU HELP?

The payments industry is mandating implementation of systems to protect consumers from harm, and most large retailers and a substantial percentage of small retailers are already on board with this effort.8 Many retailers, however, remain uninformed about EMV and the first step is education. As for consumers, obviously some will begin to seek out merchants that will protect them and some will avoid those that won’t.9